Hacker puts 51 million file sharing accounts for sale on dark web

The recently-defunct company was once the third-largest music and video file sharing service in the US.

User accounts for iMesh, a now-defunct file sharing service, are for sale on the dark web.

The New York-based music and video sharing company was a peer-to-peer service, which rose to fame in the file sharing era of the early-2000s, riding the waves of the aftermath of the “dotcom” boom. After the Recording Industry Association of America (RIAA) sued the company in 2003 for encouraging copyright infringement, the company was given status as the first “approved” peer-to-peer service.

At its peak in 2009, the service became the third-largest in the US. But last month, iMesh unexpectedly shut down after more than a decade in business.

LeakedSource, a breach notification site that allows users to see if their details have been leaked, has obtained the database.

The group’s analysis of the database shows it contains a little over 51 million accounts.

The database, of which a portion was shared with ZDNet for verification, contains user information that dates back to late-2005 when the site launched, including email addresses, passwords (which were hashed and salted with MD5, an algorithm that nowadays is easy to crack), usernames, a user’s location and IP address, registration date, and other information — such as if the account is disabled, or if the account has inbox messages.

LeakedSource said in a blog post that iMesh was likely breached in September 2013, based on the most recent records in the database.

In a message on Saturday, one of the group members said that “someone obviously hacked” the site, but did not speculate on who was responsible. “Who knows who really did it,” the person said.

For its part, the company’s chief operating officer Roi Zemmer said in an email that the company “is not aware of any hacks” and “is currently using state of the art technology to protect users’ info.”

After repeated requests, Zemmer did not confirm whether or not a sample of the database we sent him, which was provided by LeakedSource, was valid. Zemmer did not outright deny that the company had been hacked.

Attempts to follow up with Zemmer over the weekend went unanswered.

Given that the service is no longer operational, it’s difficult to verify the data. We reached out by email to a number of those who most recently joined the service (who were listed in the breach) for confirmation, but we didn’t immediately hear back over the weekend. (We will update the story if that changes.)

What made the verification process more challenging is what appeared to be a considerable drop in user numbers in the site’s later years, based on LeakedSource’s analysis of the data. The service reached a peak of 9.4 million new users in 2009, but its growth had slowed to just 2.5 million new users by 2013 when the hack is said to have been carried out.

As many as 13 million accounts are from the US, with millions more from the UK and Europe.

The data is now up for sale on the dark web.

The hacker and seller who goes by the name “Peace,” and who made a name for himself selling stolen data from Fling, LinkedIn, Badoo, and VK.com, also obtained a copy of the database, which is now thought to be in wide circulation among the hacker community.

In an encrypted chat, Peace confirmed that he is now selling the database on a dark web marketplace for 1 bitcoin, or about $590 at the time of writing.